MCI’s response to PQ on measures to protect personal data of Facebook users

14 JAN 2019

Parliament Sitting on 14 January 2019

QUESTION FOR ORAL ANSWER

*35. Mr Lim Biow Chuan: To ask the Minister for Communications and Information in view of the security breach in personal data of Facebook users in USA, whether there are any measures to protect the personal data of Facebook users in Singapore. 

Answer:

  1. Mr Speaker, organisations that collect, use and disclose personal data in Singapore, including Facebook, are required to comply with the Personal Data Protection Act 2012, or PDPA. Among other things, the PDPA requires organisations to notify individuals of the purposes for which they are collecting, using or disclosing personal data, to obtain consent where required, and to make reasonable security arrangements to protect the personal data under their possession or control. 

  2. The Personal Data Protection Commission, or PDPC, monitors data breach incidents closely and will take appropriate enforcement actions if it assesses that the PDPA has been breached. In doing so, PDPC works with its regulatory counterparts in other jurisdictions to share information on incidents, and with the relevant organisations to inform and help affected individuals. 

  3. With respect to Facebook’s security breach in September 2018, Facebook reported that a feature allowing Facebook users to see what their own profiles looked like to others had a vulnerability which enabled attackers to view Facebook users’ accounts without permission. Upon learning of the security vulnerability, PDPC immediately contacted Facebook to request for additional information, such as whether Singapore users were affected, and the measures Facebook was taking to prevent a recurrence of such vulnerabilities. PDPC ensured that Facebook alerted affected users and advised them of the steps they could take to protect themselves. PDPC is closely monitoring the matter, including the investigation in the US and other related developments, and will assess whether further action is necessary. 

  4. I would like to take this opportunity to stress that all of us also have a role to play in protecting our personal data. Users of Facebook and other social media platforms should make full use of these platforms’ security features to protect their personal data, such as selecting their preferred option in the privacy settings of social media platforms. Users should also be careful about the personal data they share online, so as to minimise the impact should a data breach occur.